[Serusers] SER listening on TCP
pelinescu-onciul at fokus.fraunhofer.de
Thu Jul 10 20:16:43 CEST 2003
On Jul 10, 2003 at 20:11, Andrei Pelinescu-Onciul <pelinescu-onciul at fokus.fraunhofer.de> wrote:
> On Jul 10, 2003 at 19:29, Johan Bilien <jobi at via.ecp.fr> wrote:
> > On Thu, Jul 10, 2003, Andrei Pelinescu-Onciul wrote:
> > > No. stunnel is used for SSL-tunneling inetd daemons. It won't work with
> > > ser. sip proxies have to be able to open new connections (they can't be
> > > run from inetd).
> > > Even if you use it to re-inject the packets on another port (e.g. send
> > > all the ssl stuff on tcp localhost:5060 via netcat) you will still not
> > > have a tls sip server (any connections opened from ser side will still
> > > be non-tls).
> > > A TLS sip proxy should also support sips: uris.
> > I agree it would not be able to handle outgoing connections. Still,
> > this should allow TLS communication between the UA and its proxy
> > (especially REGISTER), correct me if I'm wrong.
> Yes but only for a while :-) tcp connections time out after some time. If
> they are not used, they will be closed. So the tcp connection between
> ser and stunnel will be closed and then if ser wants to send something
> back to your UA, it will try to open a new connection to it.
> You could try to increase the default timeouts (see tcpconn.h:
I've just remembered another thing: fi your UA is TLS enabled it will use
TLS in vias and probably sips uris. ser doesn't know how to handle
them. You'll probably get some unknown protocol errors.
More information about the sr-users